Some security experts say the incident has exposed weaknesses in the country’s cybersecurity infrastructure, and recommend coordinated action to address the threats.
Last week, President Joe Biden signed an executive order to strengthen cybersecurity, requiring the federal government to meet cybersecurity standards.
Ransomware attacks, like that on Colonial Pipeline, and advanced persistent threats (APT) are increasing, posing significant threats around the world, said Yan Chen, a professor of computer science at Northwestern University.
“Ransomware is a type of malware that encrypts a computer’s system of data to block a user’s access unless a ransom is paid,” Chen said. “The APT uses all kinds of measures to get into systems and after that, often a ransomware attack is launched to get a financial benefit.”
He expects the threat of both to continue getting worse, and cryptocurrency is one reason why: it gives hackers a fast, secure and anonymous way to obtain a ransom.
“They’re often used to target infrastructure and critical government systems, and it really depends on who is behind it,” said Phil Andrew, a former special agent with the FBI who is now principal of PAX Group and a professor at DePaul University. “When it’s an organized crime, they’re often after money, and in the case of state-sponsored attacks, they’re after secrets and intellectual property.”
Andrew said the U.S. needs a national strategy related to cyberattacks and negotiation. Last week it was reported that Colonial Pipeline paid nearly $5 million in ransom.
Organizations in the private sector aren’t always quick to collaborate with intelligence and law enforcement agencies because of concerns about potential economic harm — and sometimes out of embarrassment, Andrew said.
“There isn’t a coordinated effort with the government, law enforcement and intelligence organizations with the private sector,” Andrew said. “Those have been attempted many times and there’s a renewed effort, but it really requires the public sector to fully engage and do some of the preventative work, plus, once they’re hit, to immediately integrate and cooperate with the authorities.”
Chen agrees that collaboration is an important part of addressing the growing security threat cyberattacks pose, and said it’s important that laws and regulations keep up with the changing security landscape.
At the individual level, users can practice good security habits and install personal security software to protect their devices, Chen said.
As the threat of cyberattacks evolves, the U.S. is still determining what the threshold is for an attack to be considered an act of war, Andrew said.
“I think we’re still building some of the guidelines for that, but rest assured that state sponsors, state intelligence organizations and defense and aggressors are watching this and learning from it and seeing what tools and what sort of social responses this gets,” Andrew said. “It’s a great sort of experiment they get to watch as these organized crime organizations use the same tool that they might be using in warfare, cyberwarfare that is.”